Skip to main content

Permissions in Control

Control provides a rich set of privileges. In this way, administrators can always assign the necessary privileges to each role. All available permissions in control are grouped into 4 categories:

  • Access
  • Administration
  • Destructive
  • Control

Administration and Destructive permissions always require an additional Access permission. Access, Administration and Destructive permissions manage cluster related functions while the Control permissions manage Control itself. The following sections explain how the different permissions work.

Access Permissions

Each access permission enables/disables the corresponding element in the UI of control. Access permissions are required to execute any kind of request.

List of all the available access permissions:

Access dashboardEnables users to access report related endpoints and the dashboard menu.
Access appsEnables users to access apps related endpoints and the apps menu.
Access processesEnables users to access bpmn related endpoints and the processes menu.
Access casesEnables users to access cmmn related endpoints and the cases menu.
Access formsEnables users to access form related endpoints and the forms menu.
Access decisionsEnables users to access decision related endpoints and the decision menu.
Access contentEnables users to access content related endpoints and the content menu.
Access event-registryEnables users to access event registry related endpoints and the event registry menu.
Access templatesEnables users to access template related endpoints and the templates menu.
Access actionsEnables users to access actions related endpoints and the actions menu.
Access engageEnables users to access ENGAGE related endpoints and the ENGAGE menu.
Access data-objectsEnables users to access data object related endpoints and the data objects menu.
Access servicesEnables users to access services related endpoints and the services menu.
Access usersEnables users to access users related endpoints and the users menu.
Access indexesEnables users to access indexes related endpoints and the indexes menu.
Access housekeepingEnables users to access housekeeping related endpoints and the housekeeping menu.
Access utilitiesEnables users to access utilities related endpoints and the utilities menu.
Access system-infoEnables users to access system info related endpoints and the system info menu.
Access master dataEnables users to access master data related endpoints and the master data instances menu.
Access SLAsEnables users to access SLA related endpoints and the SLA menu.

Administration Permission

Each admin permission enables the user to call particular actions like deleting definitions or updating instance variables. However, all administration permissions always require some additional access permission.
Example: The permission Modify instance requires either Access cases or Access processes.

Upload new deploymentEnables users to upload deployment files.
Migrate instanceEnables users to migrate instance to different versions.
Modify instanceEnables users to modify instances.
Reindex instanceEnables users to reindex instances (one instance at a time)
Manage reindexEnables users to reindex all instances at once.
Change stateEnables users to change the state of instances
Change task stateEnables users to change the state of task instances
Trigger eventEnables users to trigger events for instances
Move jobEnables users to move jobs
Execute jobEnables users to execute jobs
Create idm userEnables users to create IDM users
Edit idm userEnables users to edit IDM users
Edit idm user definitionEnables users to edit IDM user definitions
Create idm groupEnables users to create idm groups
Edit idm groupEnables users to edit idm groups
Modify sequencesEnables users to modify sequences
Import master dataEnables users to import master data

Destructive Permissions

This category contains all actions that delete or terminate crucial data within the target cluster. Again, all destructive permissions require access permission to work properly.
Example: The permission Delete instance requires either Access cases or Access processes.

Delete deploymentEnables users to delete deployments
Delete instanceEnables users to delete instances
Terminate instanceEnables users to terminate instances
Delete jobEnables users to delete jobs
Delete housekeeping jobEnables users to delete housekeeping jobs
Schema definition update databaseEnables users to execute database update on schema definitions
Schema definition rollback databaseEnables users to execute database rollbacks on schema definitions
Modify system-infoEnables users to modify the system information
Delete master dataEnables users to delete master data instances based on data object definition IDs

Control Permissions

This category contains all permissions that are related to Control itself. Similar to Access,Administration and Destructive the Control permissions relay on each other.
Example: Access Control Cluster is required to add, edit or delete cluster configuration

Access control clusterEnables users to access the Control cluster information
Add clusterEnables users to add new cluster configurations
Edit clusterEnables users to edit existing cluster configurations
Delete clusterEnables users to delete cluster configurations
Access control usersEnables users to modify the system information
Create userEnables users to create new Control user
Edit userEnables users to edit existing Control user
Delete userEnables users to delete Control user
Access control rolesEnables users to modify the system information
Create rolesEnables users to create new Control roles
Delete rolesEnables users to delete Control roles
Assign rolesEnables users to assign Control users to Control roles
Access control auditEnables users to to access the audit log
Access control actuatorEnables users to to access the actuator
Modify licenseEnables users to modify the license information